wget: Update to 1.18
| Message ID | 20160614103300.4660-1-matthias.fischer@ipfire.org |
|---|---|
| State | Accepted |
| Commit | e072f094e6fcb20a718caaef91ba9766258e2377 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (hedwig.ipfire.org [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 3899261C25 for <patchwork@ipfire.org>; Tue, 14 Jun 2016 12:33:08 +0200 (CEST) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 80C2ED9A; Tue, 14 Jun 2016 12:33:07 +0200 (CEST) Received: from Devel.localdomain (p5DD836A7.dip0.t-ipconnect.de [93.216.54.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id E94E8CBB for <development@lists.ipfire.org>; Tue, 14 Jun 2016 12:33:05 +0200 (CEST) From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] wget: Update to 1.18 Date: Tue, 14 Jun 2016 12:33:00 +0200 Message-Id: <20160614103300.4660-1-matthias.fischer@ipfire.org> X-Mailer: git-send-email 2.9.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Message
Matthias Fischer
June 14, 2016, 8:33 p.m. UTC
Excerpt from annoncement:
"This version fixes a security vulnerability (CVE-2016-4971) present in
all old versions of wget. The vulnerability was discovered by Dawid
Golunski which were reported to us by Beyond Security's SecuriTeam.
On a server redirect from HTTP to a FTP resource, wget would trust the
HTTP server and uses the name in the redirected URL as the destination
filename.
This behaviour was changed and now it works similarly as a redirect from
HTTP to another HTTP resource so the original name is used as
the destination file. To keep the previous behaviour the user must
provide --trust-server-names."
Best,
Mat-backfromholidays-thias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/wget | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)